
Access Control in ATM Networks

IBM Zurich, March 1st. Access Control in ATM Networks. Olivier Paul, ENST Bretagne, RSM Department.


Presentation Transcript


  1. IBM Zurich, March 1st. Access Control in ATM Networks. Olivier Paul, ENST Bretagne, RSM Department.

  2. Agenda
     • Introduction
     • Access Control Parameters
     • Access Control Architectures
     • Access Control Management
     • Conclusion

  3. Introduction
     • Access Control: security service providing protection against unauthorised use by an entity or group of entities (ISO).
     • Firewall parameters: source and destination addresses; application or service identifiers; protocol; action.
     • Example rule: access-list 101 permit tcp any gt 1023 192.165.203.5 0.0.0.0 eq 80
     (Figure: client, firewall, network, server.)

  4. Introduction
     • ATM (Asynchronous Transfer Mode):
       • Specified to transport various kinds of flows.
       • Allows applications to request Quality of Service.
       • High speed (Mb/s -> Gb/s).
       • Connection oriented.
       • Data transported through small packets (cells).
     • Usage:
       • Directly: some native ATM applications (ANS, VoD).
       • Indirectly: IP over ATM (IPOA, LANE, MPOA, MPLS): the most common use.

  5. Introduction: Firewall
     (Figure: packet path through a firewall: reassembly, classification, operations, bus/switch, buffer, fragmentation.)
     • Classification and copy (bus) operations are generally considered as the bottleneck in the firewall architecture.
     • The impact on the QoS depends on the buffer characteristics.

  6. The flow classification problem (Lakshman & al. [ACM SIGCOMM '98])
     • n rules carrying on d fields (source address, destination address, source ports, destination ports, protocol, flags), e.g.:
       If Cond1 and Cond2 and Cond3 then action1
       If Cond4 and Cond5 then action2
       If Cond6 then action1
     • Theoretical bounds:
       • Temporal complexity: O(log n), spatial complexity: O(n^d).
       • Temporal complexity: O(n), spatial complexity: O(log^(d-1) n).

  7. Introduction: Firewall
     (Figure: as on slide 5: reassembly, classification, operations, bus/switch, buffer, fragmentation.)
     • Classification and copy (bus) operations are generally considered as the bottleneck in the firewall architecture.
     • The impact on the QoS depends on the buffer characteristics.
     • In the case of ATM networks, the two concerns are throughput and Quality of Service.

  8. Agenda
     • Introduction
     • Access Control Parameters
     • Access Control Architectures
     • Access Control Management
     • Conclusion

  9. Access Control Parameters
     (Figure: classification of access control parameters.)
     • Existing parameters: TCP/IP parameters and ATM parameters (addresses), already well known.
     • New ATM access control parameters, derived from:
       • Information generated by the ATM model.
       • Analysis of ATM applications and services (application access control profiles).
       • New attacks.
       • Analogies with parameters used in existing protocols.

  10. Access Control Parameters
     (Figure: classification of access control parameters.)
     • Existing parameters: TCP/IP parameters and ATM parameters (addresses), already well known.
     • New ATM parameters:
       • Information generated by the signalling protocol: new addressing information, service descriptors, Quality of Service descriptors, other parameters.
       • Information generated by ATM cell headers: type of flow, connection identifiers.

  11. Agenda
     • Introduction
     • Access Control Parameters
     • Access Control Architectures
     • Access Control Management
     • Conclusion

  12. Access Control Architectures
     • Goal: provide an access control service
       • For ATM native applications, by using our new access control parameters.
       • For IP over ATM applications, by using well known TCP/IP access control parameters.
     • Two main problems to solve:
       • Classification process efficiency.
       • QoS insurance.
     (Figure: the agents based access control architecture answers with a distributed, non blocking access control process; the centralised access control architecture answers with a fast packet classification algorithm with bounded complexities.)

  13. Agents based access control architecture: improving access control performance
     (Figure: external network, several controllers each with its own policy, internal network.)
     • Concurrent access control processes. Schuba [Ph.D. Thesis, Purdue University, 97].

  14. Agents based access control architecture: improving access control performance
     (Figure: external network, three controllers with policies 1, 2 and 3, each in front of internal network 1, 2 or 3.)
     • Controllers specialisation through policy segmentation.

  15. Agent based access control architecture
     • Are performance improvements sufficient to solve the QoS problem?
       • If we can prove that the classification process is always fast enough, and that the delay introduced by the classification process is small and bounded, then: yes.
       • Do existing access control devices comply with these conditions? Sometimes no.
     • Respect of the QoS has to be insured through other means.
     • Basic idea: using a non blocking access control process. The access control decision is taken independently from the flows transported over the network.

  16. Agent based access control architecture
     • If we don't block the flows, where can we find the useful access control information? In the network devices' protocol stacks.
     • Network devices keep information about ongoing communications in their protocol stack.
     • Most of the useful access control information can be found there.
     • This information can be accessed through external programs (E.P.).
     (Figure: external network, two ATM switches and two ATM end systems connected by lines 1, 2 and 3, each device running an external program E.P.)

  17. Agent based access control architecture
     • The basic idea is to extend such a program (later referred to as agent) with access control capabilities.
     • Periodically the agent polls the information located in the protocol stacks.
     • It then compares this information with a description of allowed communications.
     • If the communication is not allowed then the agent interacts with the protocol stack to stop the communication.
     (Figure: same topology as slide 16, with an agent on each ATM switch and ATM end system.)

  18. Agent Based Architecture: Conclusions
     • New architecture: distributed, asynchronous, traditional classification algorithm.
     • Performance improvement is difficult to evaluate.
     • Security is not guaranteed.
     • How to manage access control agents?

  19. Agenda
     • Introduction
     • Access Control Parameters
     • Access Control Architectures
       • Agents based Access Control Architecture
       • Centralised Access Control Architecture
     • Access Control Management
     • Conclusion

  20. Classification Algorithms
     • Existing determinist classification algorithms:
       • Algorithms for static policies: fast; take advantage of access control policy redundancies; unbounded temporal and spatial complexities; generation and update of the classification structure are slow.
       • Algorithms for dynamic policies: comparatively slow; bounded temporal and spatial complexities; bounded complexities for generation and update of the classification structure.

  21. Classification Algorithm
     • New flow classification algorithm:
       • Temporal complexity: O(d).
       • Spatial complexity: O((2n+1)^d).
       • d: number of fields to analyse, n: number of rules in the classification policy.
     • The temporal complexity is independent from the number of rules.
     • The spatial complexity makes the structure unusable when d = 4 and n = 50. However! In practice we manage to implement large policies by taking advantage of the redundancy in the classification structure.
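To make the two complexity figures concrete, here is an added example of a cross-product classifier (an illustration written for this transcript, not the algorithm of the thesis, whose internals the slides do not give): every field is first reduced to one of at most 2n+1 elementary intervals by a direct-index array, and a decision table indexed by the tuple of interval ids gives the action. A lookup costs d array reads plus one table read, independent of n, while the table can hold up to (2n+1)^d cells; the two-field port policy is constructed.

```python
from itertools import product

# Constructed policy: d = 2 fields (source port, destination port), 16 bit each.
# A rule is ((lo, hi) for each field, action); the first matching rule wins.
FIELD_MAX = 65535
RULES = [
    (((1024, 65535), (80, 80)), "permit"),     # client ports to HTTP
    (((0, 65535), (0, 1023)), "deny"),         # anything else to privileged ports
    (((0, 65535), (1024, 65535)), "permit"),   # unprivileged destination ports
]
DEFAULT_ACTION = "deny"

def build_classifier(rules, d, field_max=FIELD_MAX):
    """Return (per-field value->interval arrays, cross-product decision table)."""
    bounds = []
    for f in range(d):
        pts = set()
        for ranges, _ in rules:
            lo, hi = ranges[f]
            pts.update((lo, hi + 1))
        # 0 and field_max+1 are not interior boundaries, so at most 2n remain,
        # i.e. at most 2n+1 elementary intervals per field.
        pts -= {0, field_max + 1}
        bounds.append(sorted(pts))
    field_map = []            # field_map[f][value] -> elementary interval id
    for b in bounds:
        ids, idx = [], 0
        for v in range(field_max + 1):
            if idx < len(b) and v == b[idx]:
                idx += 1
            ids.append(idx)
        field_map.append(ids)
    # One decision per combination of elementary intervals: up to (2n+1)^d cells.
    starts = [[0] + b for b in bounds]
    table = {}
    for cell in product(*(range(len(s)) for s in starts)):
        sample = [starts[f][cell[f]] for f in range(d)]   # any point of the cell
        table[cell] = next((act for ranges, act in rules
                            if all(lo <= sample[f] <= hi
                                   for f, (lo, hi) in enumerate(ranges))),
                           DEFAULT_ACTION)
    return field_map, table

def classify(clf, packet):
    """d direct array reads plus one table read: O(d), independent of n."""
    field_map, table = clf
    return table[tuple(field_map[f][v] for f, v in enumerate(packet))]

def table_size(clf):
    """Number of decision cells actually stored (bounded by (2n+1)^d)."""
    return len(clf[1])

CLASSIFIER = build_classifier(RULES, d=2)
```

With d = 4 and n = 50 the bound is 101^4, about 10^8 cells, which is the slide's "unusable" case; the cells sharing one decision are the redundancy that a compact implementation has to exploit.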

  22. Implementation: IFT Traffic Analysis Cards (designed by France Telecom R&D)
     (Figure: physical connector -> buffer -> classification (policy) -> switching operations -> physical connector.)
     • Characteristics:
       • Mono-directional.
       • Physical connector: OC12 (622 Mb/s).
       • Unspecified classification algorithm.
       • Action (1st cell from an AAL5 frame, classification policy): AAL5 switching.

  23. Content of the first ATM cell (53 bytes)
     (Figure: encapsulation stacks ATM / AAL5 / SNAP/LLC / IP header / TCP/UDP/ICMP. With a plain IP header the TCP/UDP/ICMP header fits in the first cell; with an IP header with options, or IPv6, it is pushed beyond it.)

  24. Centralised Architecture
     • IFT Traffic Analysis Cards (designed by France Telecom R&D), characteristics as on slide 22: mono-directional, OC12 (622 Mb/s) physical connector, unspecified classification algorithm, AAL5 switching action on the 1st cell of an AAL5 frame.
     • Goals:
       • Design an architecture allowing IFTs to be used to provide the relevant access control service.
       • Test our new classification algorithm to check if the performance bottleneck and QoS insurance problems could be solved.

  25. Architecture
     • Located between a private network and a public network.
     • Made of three modules: manager, cell-level filter, signalling filter.
     • Integrates to an existing ATM switch.

  26. Tests
     • Throughput and QoS:
       • Max. throughput to classify (physical connector throughput minus physical layer overhead): 622 * 26/27 = 599 Mb/s.
       • Min. classification capacity (min. classification capability * size of ATM cells): 1.31 * 53 * 8 = 555 Mb/s.
       • Min. classification capacity < max. throughput: the difference is absorbed by the buffer (8192 bytes); max. delay = 120 µs.
     • Memory requirements: practical examples, analysis of 9 fields, using a 15 ns analysis cycle.

  27. Centralised Architecture: Conclusions
     • Old architecture, new classification algorithm:
       • Determinist.
       • Delay introduced by the access control process can be bounded.
       • Minimal throughput can be bounded.
       • Resistant to DoS attacks.
     • IPv6 problem.
     • Algorithm is currently only able to deal with static policies.

  28. Agenda
     • Introduction
     • Access Control Parameters
     • Access Control Architectures
     • Access Control Management
       • Distribution Criteria
       • A Distributed Access Control Management Architecture
     • Conclusion

  29. Access Control Management
     • Constraints:
       • Security insurance: make sure that the whole access control architecture will provide the access control service defined by the security officer.
       • Efficiency insurance: configure each device with the smallest subset of access control rules allowing the policy to be enforced. Criteria have to be defined to build these sets.
     • Problem 1: manage a set of devices with proprietary access control configuration interfaces (heterogeneity problem). Answer: a generic and ergonomic way to define the access control policy.
     • Problem 2: manage distributed access control architectures (a big number of access control devices have to be configured remotely). Answer: automatic configuration architectures.

  30. Criteria
     • Criterion 1: device access control capabilities. A rule cannot be attributed to a device if this device is not able to implement the rule.
     • Criterion 2: network topology. A rule r should not be attributed to a device if this device is not located between the source and the destination described by r.
     (Figure: rule IF SRC_ADDRESS = Source AND DST_ADDRESS = Destination THEN PERMIT; the access control devices (A.C.) on the path between Source and Destination receive it, the others do not.)

  31. Criteria
     • Criterion 3 (new): type of rule (permit/deny). A "deny" rule r has to be attributed to a single device. This device is the closest from the source or the destination described by r.
     (Figure: rule IF SRC_ADDRESS = Source AND DST_ADDRESS = Destination THEN DENY, attributed to one A.C. device next to Source or Destination.)
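As an added illustration of the three criteria (written for this transcript, not the thesis' simulator; the topology, host placement and capability table are constructed), the following places one rule on an acyclic network model: criterion 1 through a per-device capability set, criterion 2 through the unique source-destination route, criterion 3 by handing a deny rule to the single capable device closest to one end of the route. rule_count lets the total be compared with a placement that ignores the criteria, as in the simulation results slide.

```python
from collections import deque

# Constructed acyclic topology: access control devices (A.C.) as tree nodes, hosts
# attached to a device. Criterion 1 data (what each device can filter on) is
# constructed as well; none of this is the thesis' own model.
LINKS = [("ac1", "ac2"), ("ac2", "ac3"), ("ac3", "ac4"), ("ac2", "ac5")]
HOST_DEVICE = {"src": "ac1", "dst": "ac4", "lab": "ac5"}
CAPABILITIES = {"ac1": {"SRC_ADDRESS", "DST_ADDRESS"}, "ac2": {"SRC_ADDRESS"},  # ac2 cannot match DST_ADDRESS
                "ac3": {"SRC_ADDRESS", "DST_ADDRESS"}, "ac4": {"SRC_ADDRESS", "DST_ADDRESS"},
                "ac5": {"SRC_ADDRESS", "DST_ADDRESS"}}

def path(links, start, goal):
    """Devices on the unique route between two devices of an acyclic network."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            route = []
            while node is not None:
                route.append(node)
                node = prev[node]
            return route[::-1]
        for nxt in adj.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    raise ValueError(f"no route between {start} and {goal}")

def distribute(rule):
    """Devices receiving rule {src, dst, fields, action} under the three criteria."""
    route = path(LINKS, HOST_DEVICE[rule["src"]], HOST_DEVICE[rule["dst"]])  # criterion 2
    capable = [dev for dev in route if rule["fields"] <= CAPABILITIES[dev]]   # criterion 1
    if not capable:
        raise ValueError("no device on the path can implement this rule")
    if rule["action"] == "PERMIT":
        return set(capable)   # every capable device on the path must let the flow pass
    # criterion 3: a DENY rule goes to one device, the capable one closest to the
    # source or the destination (min() keeps the source side on a tie)
    return {min(capable, key=lambda dev: min(route.index(dev),
                                             len(route) - 1 - route.index(dev)))}

def rule_count(policy, placer=distribute):
    """Rules installed over all devices; placer=lambda r: set(CAPABILITIES) mimics no optimisation."""
    return sum(len(placer(rule)) for rule in policy)
```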

  32. Centralised A.C. Management Architectures
     (Figure: security officer -> console (access control policy, network model) -> devices 1, 2 and 3.)
     • Filtering Postures, J. Guttman, IEEE S&P 97.
     • Firmato toolkit, Bartal & al., IEEE S&P 99.
     • Policy based management, S. Hinrichs, ACSAC 99.
     • An Asynchronous Distributed Access Control Architecture For IP Over ATM Networks, Paul & al., ACSAC 99.
     • Managing Security In Dynamic networks, Konstantinou & al., LISA 99.

  33. Acyclic Network Model
     (Figure: Source and Destination joined through four A.C. devices; the rules IF SRC_ADDRESS = Source AND DST_ADDRESS = Destination THEN PERMIT and IF SRC_ADDRESS = Source AND DST_ADDRESS = Destination THEN DENY are distributed over them.)

  34. Acyclic Network Model
     (Figure: same topology as slide 33.)
     • Distribution enforces the three criteria.
     • Topology changes force the Security Officer to reconfigure access control devices.

  35. Acyclic Model
     (Figure: the topology of slide 33 after a topology change (X); the flow between Source and Destination now takes another route.)
     • The delay between topology changes and access control devices reconfiguration can introduce security holes.

  36. Acyclic Model
     (Figure: the topology of slide 33 after two topology changes (X); the flow between Source and Destination takes yet another route.)
     • The delay between topology changes and access control devices reconfiguration can introduce security holes.

  37. Distributed A.C. Management Architecture
     (Figure: security officer -> console (access control policy) -> devices 1, 2 and 3.)
     • Management of network security application, Hyland & Sandhu, NISSC 98.
     • Integrated management of network and host based security mechanisms, Falk & al., ACISP 98.

  38. Our proposal
     (Figure: A.C. manager and devices 1 to 5; an access control management (A.C.M.) agent and a routing agent located on each device.)
     • Management agents located on access control devices.
     • The agents generate efficient configurations using our three criteria.
     • The agents interact with the other elements.

  39. Our Proposal
     (Figure: on a device, the routing agent and its routing table interact with the access control management agent, which drives the access control mechanisms.)
     • Key features:
       • Continuous interaction between the agent and its environment.
       • Local access control policy automatic adaptation.
     • Topology changes can be used when a new access control posture has been computed and implemented.
     • Security holes can be avoided.

  40. Simulation Results
     • The usage of the three criteria leads to a number of rules equivalent to the one generated through a manual configuration.
     • The number of rules without optimisation grows in a polynomial way with the number of access control devices, whereas the number of rules after optimisation grows linearly.

  41. Distributed Access Control Management Architecture: Conclusions
     • Generates more efficient configurations through the use of an additional distribution criterion.
     • Reduces the interactions between the security officer and the access control management architecture.
     • Prevents temporary security holes.
     • The security officer learns "a posteriori" what happened in the network.
     • The whole access control policy has to be sent to the agents.

  42. Agenda
     • Introduction
     • Access Control Parameters
     • Access Control Architectures
     • Access Control Management
     • Conclusion

  43. Conclusion
     • ATM access control parameters analysis:
       • Application protection profiles.
       • Access control parameters have been classified.
     • Two IP over ATM access control architectures:
       • Able to take new ATM access control parameters into account.
       • New access control architecture / old classification algorithm.
       • Traditional access control architecture / new classification algorithm.
       • Implementation through IFT cards.
     • Distributed automatic access control management architecture:
       • New distribution criterion.
       • Distributed access control management architecture allowing security holes to be avoided.
       • Implementation using the ns simulator.

  44. Future work
     • New application level access control parameters.
     • Improvements to our classification algorithm.
     • New version of IFTs:
       • Higher throughput (1 Gb/s).
       • Wider analysis capability.
       • New classification functions.
     • Application in new areas (intrusion detection, application level access control).
     • Adaptation to other security services.
     • Taking mobility into account.
     • Taking access control service integrity into account.

  45. Questions?
